May 21, 2023 7:00 AM

The Real Risks in Google’s New .Zip and .Mov Domains

While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.

At the beginning of May, Google released eight new top-level domains (TLDs)—the suffixes at the end of URLs, like “.com” or “.uk.” These little addendums were developed decades ago to expand and organize URLs, and over the years, the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) has loosened restrictions on TLDs so organizations like Google can bid to sell access to more of them. But while Google's announcement included light-hearted offerings like “.dad” and “.nexus,” it also debuted a pair of TLDs that are uniquely poised to invite phishing and other types of online scamming: “.zip” and “.mov”.

You’ve read your last free article.

The intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium newsletters—cancel anytime.

START FREE TRIAL

Already a subscriber? Sign In

The intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium newsletters START FREE TRIAL

In your inbox: Will Knight's AI Lab explores advances in AI
Meta’s facial recognition glasses could arm sexual predators
Big Story: The snake bros getting bitten by their lethal pets
The deepfake nudes crisis in schools is worse than you thought
Listen: Silicon Valley is spending millions to stop one of its own

Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate, and was the staff writer for Future Tense, a publication and partnership between Slate, the New America Foundation, and Arizona State University. Her work ... Read More

Senior Writer

Topicsphishing security malware Google

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations.

Sammy Sussman

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

In Telegram groups, men are sharing thousands of nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse.

Matt Burgess

It Takes 2 Minutes to Hack the EU’s New Age-Verification App

Plus: Major data breaches at a gym chain and hotel giant, a disruptive DDoS attack against Bluesky, dubious ICE hires, and more.

Andrew Couts

Google Now Lets You Change Your Gmail Address. Here’s How

You’ve probably had the same Gmail address for years. Now, it’s easy to make a name change without worrying about the transition.

Reece Rogers

Google's AI Mode Update Tries to Kill Tab Hopping in Chrome

Google latest update to AI Mode in its Chrome browser is designed to keep the chatbot-style search tool always around once you start an online search journey.

Reece Rogers

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure.

Andy Greenberg

Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think

The new AI model is being heralded—and feared—as a hacker’s superweapon. Experts say its arrival is a wake-up call for developers who have long made security an afterthought.

Lily Hay Newman

Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market

The UK designated Xinbi Guarantee as an enabler of crypto scammers and human trafficking weeks ago. Telegram is still hosting it in plain sight.

Andy Greenberg

How to Use Google Chrome’s New AI-Powered ‘Skills’

The premade Skills available through the Gemini sidebar in Chrome include ways to maximize protein in recipes or summarize YouTube videos.

Reece Rogers

Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance

A post-midnight revolt in the House sank the White House's efforts to extend Section 702—a spy program the FBI has used to look into members of Congress, protesters, and political donors.

Dell Cameron

Hackers Are Posting the Claude Code Leak With Bonus Malware

Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more.

Andrew Couts

Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything

The AI lab's Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They'll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities.

Lily Hay Newman

You Might Also Like

Don't Just Keep Up. Get Ahead